Eurosox lost in translation, warns Information Security Forum

LONDON – The European Union’s corporate governance directives are in danger of being lost in translation, given the 25 different language versions into which they must be translated for member state implementation, according to the Information Security Forum (ISF).

EuroSox is the EU’s equivalent of the US Sarbanes-Oxley Act. It consists of three directives due to become part of the member states’ law this summer: the Fourth Directive, 78/660/EEC, Seventh Directive, 83/349/EEC and Eighth Directive, 84/253/EEC. The last of these was passed for implementation in April 2006.

But, according to the ISF, which comprises over 300 multinationals, large firms might struggle to implement EuroSox across borders. Heavy compliance burdens could be caused by differing interpretations of the directives by national regulators.

“While compliance is being driven at the highest level in most organisations, the implementation of the Sarbanes-Oxley Act both in the US and Europe has proved over-burdensome and costly,” says Andy Jones, a senior research consultant at the ISF. “It is possible that some of this experience might mean EuroSox is implemented more carefully and slowly.”